see sshd for the server
Generate your workstation key pair
ssh-keygen -t ed25519
cat ~/.ssh/id_ed25519.pub
and copy/paste it to the servers you need to maintain (~/.ssh/authorized_keys)
cat ~/.ssh/id_*.pub
Optionally store the fingerprint of your public key (MD5 used at GitHub),
ssh-keygen -lf ~/.ssh/id_ed25519.pub > ~/.ssh/id_ed25519.pub.sha256
ssh-keygen -E md5 -lf ~/.ssh/id_ed25519.pub > ~/.ssh/id_ed25519.pub.md5
also provide the PPK format for e.g. Filezilla, but unless you are willing to compile the dev version, you will have to use RSA or DSA (-t rsa, dsa, rsa1),
sudo apt install putty-tools
puttygen ~/.ssh/id_ed25519 -o ~/.ssh/id_ed25519.ppk
fix the permissions,
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/known_hosts
chmod 400 ~/.ssh/id_*
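An added example, not part of the original notes: a POSIX shell function that audits an SSH client directory against the modes set by the chmod commands above and reports anything looser. It assumes GNU stat (`stat -c`), as on Debian or Ubuntu; the function name audit_ssh_perms is made up for this example.

```shell
#!/bin/sh
# Added example: audit ~/.ssh against the modes used on this page
# (700 for the directory, 600 for authorized_keys and known_hosts,
# 400 for everything matching id_*).
# Assumption: GNU stat is available (stat -c '%a').
# Usage: audit_ssh_perms            # checks $HOME/.ssh
#        audit_ssh_perms /some/dir  # checks another directory

# Prints "path mode (want N)" for each entry that has permission bits
# beyond the wanted mode. Returns 0 when nothing is looser, 1 otherwise.
audit_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    bad=0
    for path in "$dir" "$dir"/authorized_keys "$dir"/known_hosts "$dir"/id_*; do
        # Skip files that do not exist and an id_* glob that matched nothing.
        [ -e "$path" ] || continue
        if [ "$path" = "$dir" ]; then
            want=700
        else
            case ${path##*/} in
                authorized_keys|known_hosts) want=600 ;;
                *)                           want=400 ;;   # id_* files
            esac
        fi
        mode=$(stat -c '%a' "$path")
        # Leading 0 makes the shell read both values as octal. Any bit set
        # in the actual mode but not in the wanted one is reported, so an
        # owner-writable key (600) is flagged too, since the page uses 400.
        if [ $(( 0$mode & ~0$want & 07777 )) -ne 0 ]; then
            printf '%s %s (want %s)\n' "$path" "$mode" "$want"
            bad=1
        fi
    done
    return "$bad"
}
```
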
Make it easier to deal with known hosts (don’t hash them out), show the host public key in visual form so you get used to it, and speed up SSH logon by disabling GSSAPI
mv -i /etc/ssh/ssh_config /etc/ssh/ssh_config.dist
grep -vE '^#|^$' /etc/ssh/ssh_config.dist > /etc/ssh/ssh_config.clean
grep -vE '^#|^$' /etc/ssh/ssh_config.dist > /etc/ssh/ssh_config
vi /etc/ssh/ssh_config
Host *
    #SendEnv LANG LC_*
    HashKnownHosts no
    GSSAPIAuthentication no
    VisualHostKey yes
as root
apt install ssh-askpass-gnome ssh-askpass
as user
do not even think about improving this magic (see resources)
cp -pi ~/.profile ~/.profile.dist
vi ~/.profile
SSH_ENV="$HOME/.ssh/environment"

function start_agent {
    echo "Initialising new SSH agent..."
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    echo succeeded
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
    /usr/bin/ssh-add;
}

# Source SSH settings, if applicable
if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    #ps ${SSH_AGENT_PID} doesn't work under cygwin
    ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
        start_agent;
    }
else
    start_agent;
fi
Using ssh-agent with ssh https://web.archive.org/web/20220323200504/http://mah.everybody.org/docs/ssh
An Illustrated Guide to SSH Agent Forwarding http://www.unixwiz.net/techtips/ssh-agent-forwarding.html
Check SSH fingerprint https://web.archive.org/web/20220702051954/https://rawsec.ml/en/check-ssh-fingerprint/ –> see at the bottom